rust hostcalls: update deps, replace ed25519-dalek with ed25519-compact

ed25519-dalek is not maintained any more, and even if it is not relevant to us, is flagged as insecure due to an API that could be misused. Replace with ed25519-compact which doesn't have these issues. Also update the aes-gcm and chacha20poly1305 crates
WebAssembly · Sep 12, 2022 · 898f0a3 · 898f0a3
1 parent c7caf73
commit 898f0a3
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 47 deletions.
diff --git a/implementations/hostcalls/rust/Cargo.toml b/implementations/hostcalls/rust/Cargo.toml
@@ -11,52 +11,39 @@ keywords = ["webassembly", "wasm", "crypto"]
 repository = "https://github.com/webassembly/wasi-crypto"
 
 [dependencies]
-aes-gcm = "0.9.4"
+aes-gcm = "0.10.1"
 anyhow = "1.0.58"
 bincode = "1.3.3"
-boring = {version = "2.0.0", optional = true }
+boring = { version = "2.0.0", optional = true }
 byteorder = "1.4.3"
-chacha20poly1305 = "0.9.1"
+chacha20poly1305 = "0.10.1"
 curve25519-dalek = "=3.2.0" # updating is impossible due to a dependency on an older `zeroize` version
 derivative = "2.2.0"
-ed25519-dalek = "1.0.1"
+ed25519-compact = "1.0.11"
 hkdf = "0.12.3"
 hmac = "0.12.1"
-k256 = { version = "0.11.3", features = [
-    "ecdsa",
-    "std",
-    "pkcs8",
-    "pem",
-] }
-p256 = { version = "0.11.1", features = [
-    "ecdsa",
-    "std",
-    "pkcs8",
-    "pem",
-] }
-p384 = { version = "0.11.1", features = [
-    "ecdsa",
-    "std",
-    "pkcs8",
-    "pem",
-] }
+k256 = { version = "0.11.3", features = ["ecdsa", "std", "pkcs8", "pem"] }
+p256 = { version = "0.11.1", features = ["ecdsa", "std", "pkcs8", "pem"] }
+p384 = { version = "0.11.1", features = ["ecdsa", "std", "pkcs8", "pem"] }
 rsa = { version = "0.6.1", features = [
     "expose-internals",
     "serde",
     "std",
-    "pem"
+    "pem",
 ], optional = true }
 pqcrypto-traits = { version = "0.3.4", optional = true }
 pqcrypto-kyber = { version = "0.7.6", optional = true }
 
-rand_core = { version = "0.6.3", features = ["getrandom"], package = "rand_core" }
+rand_core = { version = "0.6.3", features = [
+    "getrandom",
+], package = "rand_core" }
 rand_core_05 = { package = "rand_core", version = "0.5", default-features = false }
 serde = { version = "1.0.140", features = ["derive"] }
 sha2 = "0.10.2"
 subtle = "2.4.1"
 thiserror = "1.0.31"
 xoodyak = "0.7.3"
-zeroize = "1.5.7"
+zeroize = { version = "1.5.7", features = ["derive"] }
 
 [features]
 default = ["pqcrypto", "boring"]

diff --git a/implementations/hostcalls/rust/src/asymmetric_common/keypair.rs b/implementations/hostcalls/rust/src/asymmetric_common/keypair.rs
@@ -179,8 +179,8 @@ impl CryptoCtx {
 
     pub fn keypair_secretkey(&self, kp_handle: Handle) -> Result<Handle, CryptoError> {
         let kp = self.handles.keypair.get(kp_handle)?;
-        let pk = kp.secret_key()?;
-        let handle = self.handles.secretkey.register(pk)?;
+        let sk = kp.secret_key()?;
+        let handle = self.handles.secretkey.register(sk)?;
         Ok(handle)
     }
 

diff --git a/implementations/hostcalls/rust/src/signatures/eddsa.rs b/implementations/hostcalls/rust/src/signatures/eddsa.rs
@@ -1,14 +1,11 @@
 use std::sync::Arc;
 
-use ed25519_dalek::Signer as _;
-
 use super::*;
 use crate::asymmetric_common::*;
 use crate::error::*;
-use crate::rand::SecureRandom;
 
-const KP_LEN: usize = ed25519_dalek::KEYPAIR_LENGTH;
-const PK_LEN: usize = ed25519_dalek::PUBLIC_KEY_LENGTH;
+const KP_LEN: usize = ed25519_compact::KeyPair::BYTES;
+const PK_LEN: usize = ed25519_compact::PublicKey::BYTES;
 
 #[derive(Debug, Clone)]
 pub struct EddsaSignatureSecretKey {
@@ -18,29 +15,28 @@ pub struct EddsaSignatureSecretKey {
 #[derive(Debug, Clone)]
 pub struct EddsaSignatureKeyPair {
     pub alg: SignatureAlgorithm,
-    pub ctx: Arc<ed25519_dalek::Keypair>,
+    pub ctx: Arc<ed25519_compact::KeyPair>,
 }
 
 impl EddsaSignatureKeyPair {
     fn from_raw(alg: SignatureAlgorithm, raw: &[u8]) -> Result<Self, CryptoError> {
         ensure!(raw.len() == KP_LEN, CryptoError::InvalidKey);
-        let ctx = ed25519_dalek::Keypair::from_bytes(raw).map_err(|_| CryptoError::InvalidKey)?;
+        let ctx = ed25519_compact::KeyPair::from_slice(raw).map_err(|_| CryptoError::InvalidKey)?;
         Ok(EddsaSignatureKeyPair {
             alg,
             ctx: Arc::new(ctx),
         })
     }
 
     fn as_raw(&self) -> Result<Vec<u8>, CryptoError> {
-        Ok(Vec::from(self.ctx.to_bytes()))
+        Ok(self.ctx.to_vec())
     }
 
     pub fn generate(
         alg: SignatureAlgorithm,
         _options: Option<SignatureOptions>,
     ) -> Result<Self, CryptoError> {
-        let mut rng = SecureRandom::new();
-        let ctx = ed25519_dalek::Keypair::generate(&mut rng);
+        let ctx = ed25519_compact::KeyPair::generate();
         Ok(EddsaSignatureKeyPair {
             alg,
             ctx: Arc::new(ctx),
@@ -71,7 +67,7 @@ impl EddsaSignatureKeyPair {
     }
 
     pub fn public_key(&self) -> Result<EddsaSignaturePublicKey, CryptoError> {
-        let ctx = self.ctx.public;
+        let ctx = self.ctx.pk;
         Ok(EddsaSignaturePublicKey { alg: self.alg, ctx })
     }
 }
@@ -125,7 +121,7 @@ impl SignatureStateLike for EddsaSignatureState {
     }
 
     fn sign(&mut self) -> Result<Signature, CryptoError> {
-        let signature_u8 = Vec::from(self.kp.ctx.sign(&self.input).to_bytes());
+        let signature_u8 = self.kp.ctx.sk.sign(&self.input, None).to_vec();
         let signature = EddsaSignature::new(signature_u8);
         Ok(Signature::new(Box::new(signature)))
     }
@@ -161,30 +157,33 @@ impl SignatureVerificationStateLike for EddsaSignatureVerificationState {
             CryptoError::InvalidSignature
         );
         signature_u8.copy_from_slice(signature.as_ref());
-        let dalek_signature = ed25519_dalek::Signature::try_from(signature_u8)
-            .map_err(|_| CryptoError::VerificationFailed)?;
         self.pk
             .ctx
-            .verify_strict(self.input.as_ref(), &dalek_signature)
+            .verify(
+                &self.input,
+                &ed25519_compact::Signature::from_slice(&signature_u8)
+                    .map_err(|_| CryptoError::InvalidSignature)?,
+            )
             .map_err(|_| CryptoError::VerificationFailed)?;
         Ok(())
     }
 }
 #[derive(Clone, Debug)]
 pub struct EddsaSignaturePublicKey {
     pub alg: SignatureAlgorithm,
-    pub ctx: ed25519_dalek::PublicKey,
+    pub ctx: ed25519_compact::PublicKey,
 }
 
 impl EddsaSignaturePublicKey {
     fn from_raw(alg: SignatureAlgorithm, raw: &[u8]) -> Result<Self, CryptoError> {
-        let ctx = ed25519_dalek::PublicKey::from_bytes(raw).map_err(|_| CryptoError::InvalidKey)?;
+        let ctx =
+            ed25519_compact::PublicKey::from_slice(raw).map_err(|_| CryptoError::InvalidKey)?;
         let pk = EddsaSignaturePublicKey { alg, ctx };
         Ok(pk)
     }
 
     fn as_raw(&self) -> Result<Vec<u8>, CryptoError> {
-        Ok(Vec::from(self.ctx.to_bytes()))
+        Ok(self.ctx.to_vec())
     }
 
     pub fn import(

diff --git a/implementations/hostcalls/rust/src/symmetric/aes_gcm.rs b/implementations/hostcalls/rust/src/symmetric/aes_gcm.rs
@@ -1,4 +1,4 @@
-use ::aes_gcm::aead::{generic_array::GenericArray, AeadInPlace, NewAead};
+use ::aes_gcm::aead::{generic_array::GenericArray, AeadInPlace, KeyInit};
 use ::aes_gcm::{Aes128Gcm, Aes256Gcm, AesGcm};
 use byteorder::{ByteOrder, LittleEndian};
 use state::*;

diff --git a/implementations/hostcalls/rust/src/symmetric/chacha_poly.rs b/implementations/hostcalls/rust/src/symmetric/chacha_poly.rs
@@ -1,4 +1,4 @@
-use ::chacha20poly1305::aead::{generic_array::GenericArray, AeadInPlace, NewAead};
+use ::chacha20poly1305::aead::{generic_array::GenericArray, AeadInPlace, KeyInit};
 use ::chacha20poly1305::{ChaCha20Poly1305, XChaCha20Poly1305};
 use byteorder::{ByteOrder, LittleEndian};
 use state::*;